I’m running with a version built and run with java 11. Given this, is there still a risk/concern if I don’t have custom scripts configured at all on the Fuseki server?
On May 31, 2023, at 12:06 PM, Andy Seaborne <[email protected]> wrote: "EXTERNAL EMAIL" – Always use caution when reviewing mail from outside of the organization. On 31/05/2023 17:17, Brandon Sara wrote: > > With CVE-2023-22665, what is the risk of using Fuseki pre-4.8.0 that does not > have custom scripts configured in any configurations? Is there only a risk if > custom scripts are set up to be used by Fuseki or is there a risk regardless > of configuration? > > Thanks. Java17 does not have javascript engine, unless the deployment adds one. So running on a Java17 means that scripts can't execute. The issue is Java11, where there is a script engine in the JVM runtime. Andy https://openjdk.org/jeps/372<https://openjdk.org/jeps/372> Nashorn removed at Java15. No PHI in Email: PointClickCare and Collective Medical, A PointClickCare Company, policies prohibit sending protected health information (PHI) by email, which may violate regulatory requirements. If sending PHI is necessary, please contact the sender for secure delivery instructions. Confidentiality Notice: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.
